tpalfy commented on a change in pull request #4973:
URL: https://github.com/apache/nifi/pull/4973#discussion_r620407997
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -50,52 +61,95 @@
*/
@RequiresInstanceClassLoading
@Tags({"accumulo", "client", "service"})
-@CapabilityDescription("A controller service for accessing an HBase client.")
+@CapabilityDescription("A controller service for accessing an Accumulo
Client.")
public class AccumuloService extends AbstractControllerService implements
BaseAccumuloService {
- private enum AuthenticationType{
+ private enum AuthenticationType {
PASSWORD,
+ KERBEROS,
NONE
}
protected static final PropertyDescriptor ZOOKEEPER_QUORUM = new
PropertyDescriptor.Builder()
.name("ZooKeeper Quorum")
+ .displayName("ZooKeeper Quorum")
.description("Comma-separated list of ZooKeeper hosts for
Accumulo.")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
protected static final PropertyDescriptor INSTANCE_NAME = new
PropertyDescriptor.Builder()
- .name("Instance Name")
+ .name("accumulo-instance-name")
+ .displayName("Instance Name")
.description("Instance name of the Accumulo cluster")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
+ protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
+ .name("accumulo-authentication-type")
+ .displayName("Authentication Type")
+ .description("Authentication Type")
+ .allowableValues(AuthenticationType.values())
+ .defaultValue(AuthenticationType.PASSWORD.toString())
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
protected static final PropertyDescriptor ACCUMULO_USER = new
PropertyDescriptor.Builder()
- .name("Accumulo User")
+ .name("accumulo-user")
+ .displayName("Accumulo User")
.description("Connecting user for Accumulo")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
protected static final PropertyDescriptor ACCUMULO_PASSWORD = new
PropertyDescriptor.Builder()
- .name("Accumulo Password")
- .description("Connecting user's password when using the PASSWORD
Authentication type")
+ .name("accumulo-password")
+ .displayName("Accumulo Password")
+ .description("Connecting user's password")
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
- protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
- .name("Authentication Type")
- .description("Authentication Type")
- .allowableValues(AuthenticationType.values())
- .defaultValue(AuthenticationType.PASSWORD.toString())
+ protected static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE =
new PropertyDescriptor.Builder()
+ .name("kerberos-credentials-service")
+ .displayName("Kerberos Credentials Service")
+ .description("Specifies the Kerberos Credentials Controller
Service that should be used for principal + keytab Kerberos authentication")
+ .identifiesControllerService(KerberosCredentialsService.class)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
+ .build();
+
+ protected static final PropertyDescriptor ACCUMULO_PRINCIPAL = new
PropertyDescriptor.Builder()
+ .name("accumulo-principal")
+ .displayName("Accumulo Principal")
+ .description("Connecting principal for Accumulo")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
.build();
+ protected static final PropertyDescriptor ACCUMULO_PASSWORD_FOR_KERBEROS =
new PropertyDescriptor.Builder()
Review comment:
```suggestion
protected static final PropertyDescriptor KERBEROS_PASSWORD = new
PropertyDescriptor.Builder()
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Password and Kerberos Credential
Service should not be filled out at the same time").build());
Review comment:
```suggestion
.explanation("Kerberos Password and Kerberos
Credential Service should not be filled out at the same time").build());
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -50,52 +61,95 @@
*/
@RequiresInstanceClassLoading
@Tags({"accumulo", "client", "service"})
-@CapabilityDescription("A controller service for accessing an HBase client.")
+@CapabilityDescription("A controller service for accessing an Accumulo
Client.")
public class AccumuloService extends AbstractControllerService implements
BaseAccumuloService {
- private enum AuthenticationType{
+ private enum AuthenticationType {
PASSWORD,
+ KERBEROS,
NONE
}
protected static final PropertyDescriptor ZOOKEEPER_QUORUM = new
PropertyDescriptor.Builder()
.name("ZooKeeper Quorum")
+ .displayName("ZooKeeper Quorum")
.description("Comma-separated list of ZooKeeper hosts for
Accumulo.")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
protected static final PropertyDescriptor INSTANCE_NAME = new
PropertyDescriptor.Builder()
- .name("Instance Name")
+ .name("accumulo-instance-name")
+ .displayName("Instance Name")
.description("Instance name of the Accumulo cluster")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
+ protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
+ .name("accumulo-authentication-type")
+ .displayName("Authentication Type")
+ .description("Authentication Type")
+ .allowableValues(AuthenticationType.values())
+ .defaultValue(AuthenticationType.PASSWORD.toString())
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
protected static final PropertyDescriptor ACCUMULO_USER = new
PropertyDescriptor.Builder()
- .name("Accumulo User")
+ .name("accumulo-user")
+ .displayName("Accumulo User")
.description("Connecting user for Accumulo")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
protected static final PropertyDescriptor ACCUMULO_PASSWORD = new
PropertyDescriptor.Builder()
- .name("Accumulo Password")
- .description("Connecting user's password when using the PASSWORD
Authentication type")
+ .name("accumulo-password")
+ .displayName("Accumulo Password")
+ .description("Connecting user's password")
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.PASSWORD.toString())
.build();
- protected static final PropertyDescriptor AUTHENTICATION_TYPE = new
PropertyDescriptor.Builder()
- .name("Authentication Type")
- .description("Authentication Type")
- .allowableValues(AuthenticationType.values())
- .defaultValue(AuthenticationType.PASSWORD.toString())
+ protected static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE =
new PropertyDescriptor.Builder()
+ .name("kerberos-credentials-service")
+ .displayName("Kerberos Credentials Service")
+ .description("Specifies the Kerberos Credentials Controller
Service that should be used for principal + keytab Kerberos authentication")
+ .identifiesControllerService(KerberosCredentialsService.class)
+ .dependsOn(AUTHENTICATION_TYPE,
AuthenticationType.KERBEROS.toString())
+ .build();
+
+ protected static final PropertyDescriptor ACCUMULO_PRINCIPAL = new
PropertyDescriptor.Builder()
Review comment:
```suggestion
protected static final PropertyDescriptor KERBEROS_PRINCIPAL = new
PropertyDescriptor.Builder()
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -50,52 +61,95 @@
*/
@RequiresInstanceClassLoading
@Tags({"accumulo", "client", "service"})
-@CapabilityDescription("A controller service for accessing an HBase client.")
+@CapabilityDescription("A controller service for accessing an Accumulo
Client.")
public class AccumuloService extends AbstractControllerService implements
BaseAccumuloService {
- private enum AuthenticationType{
+ private enum AuthenticationType {
PASSWORD,
+ KERBEROS,
NONE
}
protected static final PropertyDescriptor ZOOKEEPER_QUORUM = new
PropertyDescriptor.Builder()
.name("ZooKeeper Quorum")
+ .displayName("ZooKeeper Quorum")
.description("Comma-separated list of ZooKeeper hosts for
Accumulo.")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
protected static final PropertyDescriptor INSTANCE_NAME = new
PropertyDescriptor.Builder()
- .name("Instance Name")
+ .name("accumulo-instance-name")
Review comment:
Changing the name can lead to compatibility issues.
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either password or Kerberos
Credential Service must be set").build());
Review comment:
```suggestion
.explanation("Either Kerberos Password or
Kerberos Credential Service must be set").build());
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -107,34 +161,35 @@
*/
private List<PropertyDescriptor> properties;
+ private AuthenticationType authType;
Review comment:
No need to extract as field.
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
Review comment:
```suggestion
.explanation("Kerberos Password must be
supplied for the Password Authentication type").build());
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Password and Kerberos Credential
Service should not be filled out at the same time").build());
+ } else if
(validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet() &&
!validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()) {
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Kerberos principal must be supplied
when principal + password Kerberos authentication is used").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Principal should not be filled out
when principal + keytab Kerberos authentication is used").build());
Review comment:
```suggestion
.explanation("Kerberos Principal (for password)
should not be filled out when principal + keytab Kerberos authentication is
used").build());
```
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Password and Kerberos Credential
Service should not be filled out at the same time").build());
+ } else if
(validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet() &&
!validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()) {
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Kerberos principal must be supplied
when principal + password Kerberos authentication is used").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Principal should not be filled out
when principal + keytab Kerberos authentication is used").build());
}
break;
default:
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName()).explanation("Non
supported Authentication type").build());
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Non
supported Authentication type").build());
}
return problems;
}
@OnEnabled
public void onEnabled(final ConfigurationContext context) throws
InitializationException, IOException, InterruptedException {
- if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet() ||
!context.getProperty(ACCUMULO_USER).isSet()){
+ if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet()) {
throw new InitializationException("Instance name and Zookeeper
Quorum must be specified");
}
-
-
+ final KerberosCredentialsService kerberosService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String instanceName =
context.getProperty(INSTANCE_NAME).evaluateAttributeExpressions().getValue();
final String zookeepers =
context.getProperty(ZOOKEEPER_QUORUM).evaluateAttributeExpressions().getValue();
- final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ authType = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue());
+ final AtomicReference<AuthenticationToken> token = new
AtomicReference<>();
- final AuthenticationType type = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue() );
+ final Properties clientConf = new Properties();
+ clientConf.setProperty("instance.zookeepers", zookeepers);
+ clientConf.setProperty("instance.name", instanceName);
+ switch(authType){
+ case PASSWORD:
+ final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ token.set(new
PasswordToken(context.getProperty(ACCUMULO_PASSWORD).getValue()));
- final AuthenticationToken token = getToken(type,context);
+ this.client =
Accumulo.newClient().from(clientConf).as(accumuloUser, token.get()).build();
+ break;
+ case KERBEROS:
+ final String principal = kerberosService == null ?
context.getProperty(ACCUMULO_PRINCIPAL).getValue() :
kerberosService.getPrincipal();
+ final AtomicReference<KerberosUser> kerberosUser = new
AtomicReference<>();
Review comment:
This doesn't need to be AtomicReference.
##########
File path:
nifi-nar-bundles/nifi-accumulo-bundle/nifi-accumulo-services/src/main/java/org/apache/nifi/accumulo/controllerservices/AccumuloService.java
##########
@@ -150,61 +205,106 @@ private AuthenticationToken getToken(final
AuthenticationType type, final Config
problems.add(new
ValidationResult.Builder().valid(false).subject(ZOOKEEPER_QUORUM.getName()).explanation("Zookeepers
must be supplied").build());
}
- if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied").build());
- }
-
final AuthenticationType type = validationContext.getProperty(
- AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.PASSWORD;
+ AUTHENTICATION_TYPE).isSet() ? AuthenticationType.valueOf(
validationContext.getProperty(AUTHENTICATION_TYPE).getValue() ) :
AuthenticationType.NONE;
switch(type){
case PASSWORD:
+ if (!validationContext.getProperty(ACCUMULO_USER).isSet()){
+ problems.add(
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_USER.getName()).explanation("Accumulo
user must be supplied for the Password Authentication type").build());
+ }
if (!validationContext.getProperty(ACCUMULO_PASSWORD).isSet()){
problems.add(
- new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Password
must be supplied for the Password Authentication type").build());
+ new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName())
+ .explanation("Password must be supplied
for the Password Authentication type").build());
+ }
+ break;
+ case KERBEROS:
+ if
(!validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
!validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Either password or Kerberos
Credential Service must be set").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName())
+ .explanation("Password and Kerberos Credential
Service should not be filled out at the same time").build());
+ } else if
(validationContext.getProperty(ACCUMULO_PASSWORD_FOR_KERBEROS).isSet() &&
!validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()) {
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Kerberos principal must be supplied
when principal + password Kerberos authentication is used").build());
+ } else if
(validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).isSet() &&
validationContext.getProperty(ACCUMULO_PRINCIPAL).isSet()){
+ problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PRINCIPAL.getName())
+ .explanation("Principal should not be filled out
when principal + keytab Kerberos authentication is used").build());
}
break;
default:
- problems.add(new
ValidationResult.Builder().valid(false).subject(ACCUMULO_PASSWORD.getName()).explanation("Non
supported Authentication type").build());
+ problems.add(new
ValidationResult.Builder().valid(false).subject(AUTHENTICATION_TYPE.getName()).explanation("Non
supported Authentication type").build());
}
return problems;
}
@OnEnabled
public void onEnabled(final ConfigurationContext context) throws
InitializationException, IOException, InterruptedException {
- if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet() ||
!context.getProperty(ACCUMULO_USER).isSet()){
+ if (!context.getProperty(INSTANCE_NAME).isSet() ||
!context.getProperty(ZOOKEEPER_QUORUM).isSet()) {
throw new InitializationException("Instance name and Zookeeper
Quorum must be specified");
}
-
-
+ final KerberosCredentialsService kerberosService =
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
final String instanceName =
context.getProperty(INSTANCE_NAME).evaluateAttributeExpressions().getValue();
final String zookeepers =
context.getProperty(ZOOKEEPER_QUORUM).evaluateAttributeExpressions().getValue();
- final String accumuloUser =
context.getProperty(ACCUMULO_USER).evaluateAttributeExpressions().getValue();
+ authType = AuthenticationType.valueOf(
context.getProperty(AUTHENTICATION_TYPE).getValue());
+ final AtomicReference<AuthenticationToken> token = new
AtomicReference<>();
Review comment:
This doesn't need to be AtomicReference.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
